package com.maizhi.interceptors;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.maizhi.httpmodel.SessionInfo;
import com.maizhi.httpmodel.UserI;
import com.maizhi.model.Resource;
import com.maizhi.service.AuthServiceI;
import com.maizhi.util.RequestUtil;
import com.maizhi.util.ResourceUtil;


/**
 * 权限拦截器
 * 
 */
public class AuthInterceptor implements HandlerInterceptor {

	private static final Logger logger = Logger.getLogger(AuthInterceptor.class);

	private AuthServiceI authService;

	public AuthServiceI getAuthService() {
		return authService;
	}

	@Autowired
	public void setAuthService(AuthServiceI authService) {
		this.authService = authService;
	}

	/**
	 * 完成页面的render后调用
	 */
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception exception) throws Exception {
	}

	/**
	 * 在调用controller具体方法后拦截
	 */
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView modelAndView) throws Exception {

	}

	/**
	 * 在调用controller具体方法前拦截
	 */
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {

		String requestPath = RequestUtil.getRequestPath(request);// 用户访问的资源地址
		requestPath = requestPath.replaceFirst("/", "");
		
		//logger.info("requestPath is :"+requestPath);
		
		boolean b = false;
		
		Resource resources = authService.getResourcesByRequestPath(requestPath);
		if (resources == null) {// 当前访问资源地址没有在数据库中存在
			forward("访问资源不存在 :  "+requestPath, request, response);
			return false;
		}
		
		List<Resource> offLoginList = authService.offLoginList(); //不需要登录验证的资源集合
		for (Resource r : offLoginList) {
			if (r.getSrc() != null && r.getSrc().equals(requestPath)) {
				b = true;
				break;
			}
		}
		
		if (b) {
			return true;// 当前访问资源地址是不需要验证的资源
		}else{
			
			SessionInfo sessionInfo = (SessionInfo) request.getSession().getAttribute(ResourceUtil.getSessionInfoName());
			
			if (sessionInfo == null) {// 没有登录系统，或登录超时
				forward("您没有登录或登录超时，请重新<a target='_parent' href='"+request.getContextPath()+"'><font color=blue>登录</font></a>！", request, response);
				return false;
			}
			
			
			List<Resource> offResourcesList = authService.offResourcesList(); // 不需要权限验证的资源集合
			for (Resource resource : offResourcesList) {
				if (resource.getSrc() != null && (resource.getSrc().equals(requestPath) || ("/"+resource.getSrc()).equals(requestPath))) {
					b = true;
					break;
				}
			}
			
			if (b) {
				return true;// 当前访问资源地址是不需要验证的资源
			}else{
				UserI user = sessionInfo.getUser();
				if (user.getLoginCode().equals("lic")) {// 超级管理员不需要验证权限
					return true;
				}

				if (authService.checkAuth(user.getId(), requestPath)) {// 验证当前用户是否有权限访问此资源
					return true;
				} else {
					forward("您没有【" + resources.getText() + "】权限，请联系管理员给您赋予相应权限！", request, response);
					return false;
				}
			}
		}
	}

	private void forward(String msg, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.setAttribute("msg", msg);
		request.getRequestDispatcher("error/authMsg.jsp").forward(request, response);
	}

}
